Using Locked Arguments

Declaring arguments with default values can be a useful technique for
simplifying the development and customization of rules. If you have a constant
value in a rule that might occasionally change, it is easier to locate and
change that value if it is defined in an argument rather than embedded deep
within a rule expression.

The Identity Manager IDE provides a simplified user interface for configuring
rules. You can change the default values of arguments in the Identity Manager IDE,
which is much easier than editing the entire rule expression.

After an argument is declared, it is possible for the caller of the
rule to override the default value by passing an explicit argument. However,
if you do not want the caller to have any control over the argument value,
include a locked attribute with a value of true in
the RuleArgument element to lock the argument. For example,

The domain argument is locked in this example, which
means the argument value will always be example.com—
even if the caller tries passing a value for the argument. If you are going
to use this rule at a site where the domain name is not example.com,
the administrator only has to edit the rule to change the argument value.
The administrator does not have to understand or modify the rule expression.